Job description
Abra Professional Services is seeking a Splunk Developer.
We are looking for a skilled Splunk Developer to join a SIEM team within a leading financial organization. The role involves developing and maintaining Splunk-based security solutions, integrating log sources, creating dashboards and detection content, and enhancing monitoring capabilities across the organization's cyber security environment.
This role requires strong expertise in Splunk Enterprise/Cloud, advanced SPL development, Python programming, and React development, alongside a deep understanding of SIEM and security monitoring technologies.
This is a full-time, on-site position based in Central Israel.
Key Responsibilities:
Develop and maintain solutions on the Splunk platform.
Design and build advanced dashboards, reports, alerts, and saved searches.
Create, optimize, and maintain detection rules and monitoring content.
Integrate and onboard new data sources using Syslog, HEC, REST APIs, and other ingestion methods.
Develop backend components and automations using Python.
Build and maintain internal operational tools and user interfaces using React.
Perform performance tuning and search optimization across the Splunk environment.
Collaborate with cyber security, infrastructure, and operations teams to improve monitoring and detection capabilities.
Requirements:
3+ years of hands-on experience with Splunk Enterprise and/or Splunk Cloud.
Strong experience writing advanced SPL queries, including joins, stats, tstats, transactions, and lookups.
Experience developing and maintaining dashboards, alerts, reports, and saved searches.
Experience implementing and managing data inputs via Syslog, HEC, and REST APIs.
Strong understanding of indexes, sourcetypes, props.conf, and transforms.conf.
Experience with Splunk performance tuning and search optimization.
2+ years of Python development experience.
Experience working with REST APIs, JSON/XML parsing, and data normalization.
Experience developing applications with React, including Hooks, Components, and State Management.
Strong knowledge of JavaScript ES6+, HTML, and CSS.
Advantages:
Experience with Splunk SOAR.
Experience in Cyber Security, SIEM, or SOC environments.
Experience integrating with cloud platforms (AWS, Azure, GCP).
Experience integrating security tools such as EDR, IAM, and CI/CD solutions.
Experience working with Git and CI/CD pipelines.
Familiarity with Docker and Kubernetes.
Splunk certifications (Power User, Admin, Architect).
Academic degree in Computer Science, Information Systems, Cyber Security, or a related field.